[Plugin Request] OMEMO #10
Comments
|
👍 |
|
I am contemplating about GitHub having a voting system, similarly to GitLab. Thank you, @rapgro, for the the 👍 vote and, in case you didn't know, for getting me into Jabber. |
|
I'd like to add even multiple 👍 's |
|
You know encryption is illegal in Russia, so I'm out of business. |
|
Oops, sorry to hear that. |
this is not true |
|
That's true.
This makes OMEMO useless in Russia |
|
We can you TLS encryption with same success here. |
|
Так-так, что тут у нас? Гражданин, вы задержаны. |
That's problem of service provider
That's not responsibility of user. That's what service provider have to do. |
|
And that's why omemo IS useful. There's no point in encrypting data, if nobody's gonna intercept it. |
|
Why you support Off-The-Record? |
|
OTR was implemented before thie weird laws. |
|
OMEMO would be really usefull since OTR is close to useless with multi-sessions. |
|
@Ri0n would it be legal as a Russian user to choose a provider in a free country like mine and using OMEMO there? |
|
Well yes and no. From government point of view if Russians use foreign services then these foreign services should keep their user database on territory of Russian Federation. At least for Russian users. Actually this makes little sense for end user since it's a problem of service provider, not user. So it's fine to implement and use it. And if the government bans such a service provider for such illegal activity like not keeping unencrypted chat history, well that's the destiny =) |
That's not really so. Services must keep only users' personal information (real name, address, credit card info, social security number and other info, which identifies user's person) on russian territory. |
|
Ok. it's fine without using VCards :-D |
|
@Ri0n How about deletion of messages unrelated to a topic? @GreenLunar , @Neustradamus Have you seen any self-contained C or C++ library with OMEMO encryption support? (Like libotr for OTR.) |
|
Hi, |
|
There is also libolm:
|
|
I found libomemo. It looks raw, but this is better than nothing. |
|
self-contained C or C++ library with OMEMO encryption support? (Like libotr
for OTR.)
Isn't axolotl+protobuf enough?
|
|
any psi+ end to end encryption is currently broken with windows (10) portable version (psi-plus-1.3.306_win7_x86_64) psi+ crashes on OTR key generation. this is an unlucky situation because both gajim and conversations dropped OTR in favour of OMEMO, but OMEMO is still experimental on psi+. nevertheless the OTR plugin should not crash so there is no constellation i can use psi+ with end to end encryption currently. |
This is known bug in 64-bit version of libotr. You may use 32-bit version of Psi+ with OTR plugin until this bug is fixed.
I have just re-checked it in clean Win8.1 environment and all work fine. Try to clear the list of your OMEMO keys from other XMPP client (for example, from Conversations or Gajim), then delete |
This is a very strange decision. Usage of OMEMO is more simple from end user point of view, but OTR is more secure... |
Could you explain this? I always thought OMEMO was more secure than OTR, because it has newer cryptographic primitives like Curve25519 for example. |
I am not talking about used cryptographic algorithms, but about whole architecture in common. For example:
|
|
Thank you for your detailed explanation to this, good points! 👍 |
What do you mean by "update"?
Do you know what the double ratchet does? It " updates" the session on every received and sent message, so your statement is wrong.
Communication is encrypted when stored on the server. Even if you would get acces to "the private key", you could only decode a limited amount of the data (exactly one message). One property of the axolotl ratchet is, that it is self healing and provides both forward secrecy, as well as future secrecy. |
In OTR Plugin there is pushbutton "Generate new key". And only current XMPP client will be affected. In such way user may easily update his(her) private key any time s(he) find this necessary. With OMEMO all is more global: there is "Clear devices" pushbutton which will cause to re-generation of "private keys" on all devices. And users use it more rarely.
It looks I remembered this wrong (or mixed up with another algorithm): I thought the session id for each two "devices" is generated only once during session initialization (if they do not have a common session yet) and is constant after that. In such case you need delete session id or device id to start a new session. But after re-reading on OMEMO specification I see that session id is updated after receiving of each new message using an unique key from it.
Ok. You are right. So a history with OMEMO encrypted messages on server side is less useful than I thought: it may be decrypted only one time (from each device) and after that it become useless. |
This is wrong. The function will only "unpublish" OMEMO key material from the server. The actual keys stay untouched. Once an "unpublished" device comes online, it will republish its keys again. However, some implementations offer you an option to regenerate your identity, which will delete the OMEMO keys of the device and create new ones.
Exactly :) |
|
@tehnick [re Apr 13]
I miss the Socialist Millionaire Protocol (to authenticate identity) but unfortunately it crashed receiver's clients. I wish SMP was an option to OMEMO authentication.
mam / carbons should expose an additional setting in 'client's server archival preference' as in some clients [Conversations] to purge chat history after specified window. Not for the reason of your concern necessarily, but for the occasional client [Conversations] but of close/erase history, start new conversation, server archive restores. You might want to read RiseUp.net critique of OMEMO. |
|
Hello everybody, I found the source code of the OMEMO plugin at GitHub. But how do I install it? Help is appreciated. Thank you! |
|
It should be included in latest Psi+ builds. If it isn't included in your build, you have to compile it. |
Thanks for your answer! Where do I find the latest Psi+ build? The one I found for MacOS at Sourceforge is older the the current Psi version, it seems. |
|
There are no fresh builds for macOS as far as I know. |
Is there anybody who has experience with building Psi+ for macOS? I managed to build it but have a hard time linking the app bundle correctly. would be great if there is anybody who knows how to do it. |
|
@Letterus try some our scripts https://github.com/psi-plus/maintenance/tree/master/scripts/macosx |
Thank you, great hint - lot's of work done there! I had to adjust the Mac Makefile/patch, but then it compiled nicely. But the OMEMO plugin does not seem to do anything. Does not even show a key for myself in the prefs. Already asked in the dev MUC, help is appreciated here. |
|
@Letterus Just add OMEMO button on toolbars in Psi+ Options Dialog and restart program. |
@tehnick Thanks for your reply. The button is on the toolbar, but greyed out. When I disable toolbars the menu says "OMEMO is not available for this contact" (Update: corrected error message). Crypto debug menu says:
Any idea? |
|
+1 |
|
@Letterus Have you tried recently? Perfect for you? For all people, have you updated your Psi/Psi+? I would like feedbacks from all users for OMEMO:
In the same time:
Thanks in advance. |
|
As for macOS builds you may download latest build from SF: or install it using |
|
A new PR from @nullobsi has been merged: I think that it helps a lot of people here. |
|
@ all, I have recently published some tickets about OMEMO, if some guys can look it, it will be nice. I have done a full step description to show the current OMEMO bugs to permit to solve it: Can you test it in your client, please confirm it, and help to solve? Others:
Thanks in advance. |
|
Psi+ 1.5.1605.0 exists with some OMEMO fixes, and @Vitozz has done Windows builds here:
Do not hesitate to comment, and confirm current bugs here: |
and others
A plugin that adds support for OMEMO encryption.
https://conversations.im/omemo/
https://github.com/omemo
The text was updated successfully, but these errors were encountered: